1. Field of the Invention
The present invention relates to the field of digital rights management. More particularly, this invention relates to security and systems and methods that ensure that content is accessed, copied and controlled in secure ways in an electronic environment.
2. Description of the Related Art
Entities, including people, companies, systems and computers transfer information faster than ever since the advent of the Internet and technologically advanced electronic appliances. Facsimile machines, computers, and electronic appliances such as personal digital assistants (PDAs) and wireless phones with Internet access enable the quick transfer of information to remote locations around the world.
The quick transfer of information is not without drawbacks. Information in digital form, while readily transferable, is also readily accessible to many more entities than ever before. So-called “hackers” attract attention by quickly retrieving information from computer systems before being detected. Similarly, world-wide web pages quickly disseminate electronic content on the Internet, such as MP3 data containing copyrighted material. Thus, electronic content reaches individuals to whom it was not intended. For this reason, electronic content providers, businesses and citizens are increasingly concerned about security issues.
The issue concerning security of electronic content and the Internet is timely and hotly debated. For example, Alanis Morissette addressed the issues of copyright and royalties to a U.S. Senate Judiciary Committee headed by Orrin Hatch in a hearing entitled “Online Entertainment and Copyright Law: Coming Soon To A Digital Device Near You.” In her speech, Alanis highlighted the differences in goals between content creators, content providers and content users. Commercial content providers desire compensation for the electronic content. These content providers are concerned with the prevalent copying of content without compensation, such as compact disks (CDs) and digital video disks (DVDs). Individual content users are often at cross purposes with content providers, desiring unauthorized copying of content, including digital music, software programs, movies, digital books and the like. Content creators, who desire as wide an audience as possible, are often tom between dissemination goals and compensation goals.
The speed with which appliances, computers and the like disseminate electronic content caused an increase in complex security techniques. These complex security techniques attempt to ensure the security of the content and the transactions. For example, one security technique protects electronic transactions and content by using a time stamp or a counter to determine whether a transaction is authentic. Other security techniques focus on cryptography and mathematical algorithms.
Cryptographic solutions not only provide confidentiality to transactions and content, but provide methods for authentication, integrity (e.g., verifying that a message has not been modified in transit), and non-repudiation (preventing false denials of transactions). Some cryptographic solutions are referred to as restricted algorithms that typically are used by low-security applications. More recently, cryptographic keys protect content by requiring a key for both encryption and decryption of content. Key-based cryptographic solutions enable the spreading of an algorithm without risking security breaches because the security onus is on the keys themselves.
There are a number of cryptographic key solutions. One type is the symmetric key solution in which an encryption key can be calculated from the decryption key and vice versa. A more secure key solution is the public-key solution, or asymmetric solution, in which the key used for encryption is different from the key used for decryption. The public-key solution is part of the ISO authentication specifications, commonly known as the X.509 protocols. More specifically, the X.509 protocols provide a framework for authentication across networks, such as the Internet. The X.509 protocols do not specify a particular algorithm. Instead, the protocols focus on using public-key certificates. Under the specification, each user has a distinct name and has a signed certificate with a name and a public key issued by a trusted certification authority (CA). Typical fields in an X.509 certificate include: version; serial number; algorithm identifier; issuer; period of validity; subject; subject's public key; and signature. More specifically, a version field identifies a format for the certificate. A serial number is unique for the certification authority. The algorithm field identifies the type of algorithm used to sign the certificate and includes necessary parameters to run the algorithm. The issuer field identifies the name of the CA. The period of validity field provides the time period during which the certificate is valid. The subject field identifies the name of the user. The subject's public key field provides the algorithm name, parameters and such related to the public key.
Communicating using certificates configured according to the X.509 protocol is known in the art. A user desiring to communicate with another retrieves the destination certificate from a database and verifies authenticity. Verifying authenticity often involves several CAs if there is a hierarchy of CAs between the user's CA and the destination CA. After verification, communication may take place. Typically, timestamps are used to confirm that messages are current. A three-way protocol is one authentication protocol that does not use timestamps, however, additional steps are required involving the user checking a random number that was originally generated by the user, sent to the destination, and received back from the destination. Likewise, the destination checks a random number received from the user that was originally generated at the destination.
Another known security technique is fingerprinting messages. Fingerprinting is typically accomplished using a hash function. There are a number of types of hash functions. A common hash function is the one-way hash function that provides a fixed-length hash value, h, after operating on an arbitrary-length pre-image message. The h is unique to the message associated with it. However, the security of the h depends on the number of bits of the hash. A practical size is 128 bits. There are a number of different types of hashing algorithms, including the Message Digest (MD) 4 algorithm, the MD5 algorithm, which is more complex than the MD4 algorithm. Another type of hash function is the n-hash algorithm. A more complicated hash algorithm than the one-way hash, an n-hash algorithm implements a randomizing function, hashing and logical exclusive OR functions.
The descriptions of cryptographic solutions above represent a sampling of known digital security systems. Another aspect of the security of electronic content concerns digital rights management (DRM). DRM entails the establishment and management of rights and permissions for digital content and supports distribution of digital content. DRM is necessary for digital distribution of educational, professional and trade content as well as entertainment content.
Some known DRMs use the eXtensible Rights Markup Language (XML) to implement access and use controls for the exchange of secure digital content. Markup languages are typically based on the Standard Generalized Markup Language (SGML). SGML is a standard language for defining the format in a text document that allows sharing of documents among computers, regardless of hardware and operating system configurations. Markup language files use a standard set of code tags embedded in text that describes the elements of a document. The web browser interprets the code tags so that each computer having its own unique hardware and software capabilities is able to display the document while preserving the original format of the document. An SGML document uses a separate document type definition (DTD) file that defines the format code tags embedded within it.
Other DRM schemes are implemented with C, Fortran and other known programming languages. Known systems include Interleaf, ArborText, and TexCel.
As discussed above, content providers, content creators and content users are in conflict. Known DRM systems fail to resolve the conflicts between these stakeholders in the electronic content world. More specifically, to resolve the conflicts, a DRM is needed that meets content users expectations, including allowing a consumer fair use of content. Further, content providers, including content owners and manufacturers need a DRM that maintains content security, supports new and expanded business models and brings high value to the marketplace for the content. One area in which improvement is needed is in the area of security of devices. Content providers, content vendors, and users, must be assured that devices that are unauthorized can be revoked.